إرسال #389261: Dlink Dlink DNS 320/320L/321/323/325/327L <=v1.1 Command Injectionالمعلومات

عنوانDlink Dlink DNS 320/320L/321/323/325/327L <=v1.1 Command Injection
الوصفThe DLINK nas DNS-320/320L/321/323/325/327L all firmware version has a command injection vulnerability in cgi_photo_search function of the file /cgi-bin/photocenter_mgr.cgi. The variable filter is passed from a POST request and is assigned to v6 via the sprintf function at line 64 and invoked by the system command, the SpecSymbol2BackSlash function did not work which leads to command execution.
المصدر⚠️ https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_photo_search.md
المستخدم
 BuaaIoTTeam (UID 73348)
ارسال12/08/2024 04:47 AM (2 سنوات منذ)
الاعتدال13/08/2024 08:17 AM (1 day later)
الحالةتمت الموافقة
إدخال VulDB274281 [D-Link DNS-1550-04 حتى 20240812 photocenter_mgr.cgi sprintf filter تجاوز الصلاحيات]
النقاط20

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!